General Info

URL

http://blasze.tk/9JIGBL

Full analysis
https://app.any.run/tasks/d90fa1b8-5f42-49dd-8e57-81d563eecaa9
Verdict
Malicious activity
Analysis date
3/14/2019, 20:46:32
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads settings of System Certificates
  • chrome.exe (PID: 2860)
Changes settings of System certificates
  • chrome.exe (PID: 2860)
Application launched itself
  • chrome.exe (PID: 2860)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.

Processes

Total processes
38
Monitored processes
10
Malicious processes
0
Suspicious processes
0

Behavior graph

[Behavior graph: start → chrome.exe (PID 2860), which launches nine further chrome.exe child processes, none of which carry specs]

Process information

PID
2860
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://blasze.tk/9JIGBL
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll

PID
3616
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f6000b0,0x6f6000c0,0x6f6000cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2856
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2864 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
3996
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=33FF2C0AC3CCF2B4F5A9F9DE1C426F58 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
2700
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --service-pipe-token=587870EDE714DF2DF9DDF8B0C0206D68 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=587870EDE714DF2DF9DDF8B0C0206D68 --renderer-client-id=4 --mojo-platform-channel-handle=1876 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3192
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --service-pipe-token=8FC767577AF1E7C24CB24E9688133455 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8FC767577AF1E7C24CB24E9688133455 --renderer-client-id=3 --mojo-platform-channel-handle=2040 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2656
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=B56E4536257A81CAA62A9907AFB8C769 --mojo-platform-channel-handle=2652 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
3656
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=6B308F53280C0946377C39870F9196D7 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6B308F53280C0946377C39870F9196D7 --renderer-client-id=6 --mojo-platform-channel-handle=3432 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2428
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=650318BE6B7B802E84A33C3F0C212805 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=650318BE6B7B802E84A33C3F0C212805 --renderer-client-id=7 --mojo-platform-channel-handle=2540 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3992
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=976,1112433181398300262,13346142530850764726,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=F4424458FAC8A5886DC712B9068D4A8A --mojo-platform-channel-handle=4064 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
512
Read events
467
Write events
44
Delete events
1

Modification events

PID Process Operation Key Name Value
2860 chrome.exe delete key HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon failed_count 0
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon state 2
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon state 1
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} dr 1
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome UsageStatsInSample 0
2860 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} usagestats 0
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} metricsid
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} metricsid_installdate 0
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} metricsid_enableddate 0
2860 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts aggregate sum()
2860 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts S-1-5-21-1302019708-1500728564-335382590-1000 1
2860 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn aggregate sum()
2860 chrome.exe write HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn S-1-5-21-1302019708-1500728564-335382590-1000 0
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics user_experience_metrics.stability.exited_cleanly 0
2860 chrome.exe write HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} lastrun 13197066420662750
2860 chrome.exe write HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E LanguageList en-US
2860 chrome.exe write HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 Blob ––
2856 chrome.exe write HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes 2860-13197066418569000 259
3992 chrome.exe write HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E LanguageList en-US

Files activity

Executable files
0
Suspicious files
30
Text files
75
Unknown types
3

Dropped files


Network activity

HTTP(S) requests
6
TCP/UDP connections
92
DNS requests
64
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2860 chrome.exe GET 302 104.28.13.103:80 http://blasze.tk/9JIGBL US html malicious
2860 chrome.exe GET 200 104.18.10.39:80 http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt US der whitelisted
2860 chrome.exe GET 200 52.222.146.114:80 http://x.ss2.us/x.cer US der whitelisted
2860 chrome.exe GET 200 52.222.146.114:80 http://x.ss2.us/x.cer US der whitelisted
2860 chrome.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
2860 chrome.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted

Connections

PID Process IP ASN CN Reputation
2860 chrome.exe 172.217.22.67:443 Google Inc. US whitelisted
2860 chrome.exe 104.28.13.103:80 Cloudflare Inc US shared
2860 chrome.exe 216.58.210.3:443 Google Inc. US whitelisted
2860 chrome.exe 172.217.16.141:443 Google Inc. US unknown
2860 chrome.exe 104.20.208.21:443 Cloudflare Inc US shared
2860 chrome.exe 172.217.18.104:443 Google Inc. US suspicious
2860 chrome.exe 108.161.189.78:443 netDNA US unknown
2860 chrome.exe 23.111.10.140:443 netDNA US unknown
2860 chrome.exe 204.11.109.76:443 Exponential Interactive, Inc. US unknown
2860 chrome.exe 216.58.207.78:443 Google Inc. US whitelisted
2860 chrome.exe 108.177.15.157:443 Google Inc. US whitelisted
2860 chrome.exe 204.11.109.65:443 Exponential Interactive, Inc. US unknown
2860 chrome.exe 173.241.240.143:443 OPENX TECHNOLOGIES, INC. US unknown
2860 chrome.exe 52.222.150.179:443 Amazon.com, Inc. US unknown
2860 chrome.exe 2.18.234.233:443 Akamai International B.V. –– whitelisted
2860 chrome.exe 204.11.109.66:443 Exponential Interactive, Inc. US unknown
2860 chrome.exe 104.20.24.11:443 Cloudflare Inc US shared
2860 chrome.exe 52.222.150.30:443 Amazon.com, Inc. US unknown
2860 chrome.exe 54.77.164.43:443 Amazon.com, Inc. IE whitelisted
2860 chrome.exe 95.100.198.4:443 Akamai Technologies, Inc. –– whitelisted
2860 chrome.exe 37.252.172.39:443 AppNexus, Inc –– unknown
2860 chrome.exe 178.162.133.150:443 LeaseWeb Netherlands B.V. NL unknown
2860 chrome.exe 54.165.192.145:443 Amazon.com, Inc. US unknown
2860 chrome.exe 35.203.66.107:443 Google Inc. US whitelisted
2860 chrome.exe 52.213.9.79:443 Amazon.com, Inc. IE unknown
2860 chrome.exe 74.214.194.133:443 PulsePoint B.V. NL unknown
2860 chrome.exe 54.93.153.122:443 Amazon.com, Inc. DE unknown
2860 chrome.exe 104.18.10.39:80 Cloudflare Inc US unknown
2860 chrome.exe 52.28.249.38:443 Amazon.com, Inc. DE unknown
2860 chrome.exe 52.222.146.114:80 Amazon.com, Inc. US unknown
2860 chrome.exe 23.60.196.160:443 Akamai Technologies, Inc. NL whitelisted
2860 chrome.exe 13.107.4.50:80 Microsoft Corporation US whitelisted
2860 chrome.exe 185.64.189.115:443 PubMatic, Inc. GB unknown
2860 chrome.exe 34.255.28.155:443 Amazon.com, Inc. IE unknown
2860 chrome.exe 216.58.206.2:443 Google Inc. US whitelisted
2860 chrome.exe 213.19.162.80:443 The Rubicon Project, Inc. GB unknown
2860 chrome.exe 52.29.121.243:443 Amazon.com, Inc. DE unknown
2860 chrome.exe 54.228.202.240:443 Amazon.com, Inc. IE unknown
2860 chrome.exe 185.64.189.110:443 PubMatic, Inc. GB unknown
2860 chrome.exe 206.189.18.245:443 US unknown
2860 chrome.exe 64.233.167.157:443 Google Inc. US whitelisted
2860 chrome.exe 52.222.150.90:443 Amazon.com, Inc. US suspicious
2860 chrome.exe 52.222.150.141:443 Amazon.com, Inc. US unknown
2860 chrome.exe 94.31.29.32:443 netDNA GB unknown
2860 chrome.exe 216.58.207.34:443 Google Inc. US whitelisted
2860 chrome.exe 172.217.16.194:443 Google Inc. US whitelisted
2860 chrome.exe 172.217.18.166:443 Google Inc. US whitelisted
2860 chrome.exe 151.101.0.166:443 Fastly US unknown
2860 chrome.exe 18.153.11.2:443 US unknown
2860 chrome.exe 35.187.125.239:443 Google Inc. US unknown
2860 chrome.exe 172.217.23.164:443 Google Inc. US whitelisted
2860 chrome.exe 104.27.157.221:443 Cloudflare Inc US shared
2860 chrome.exe 104.25.231.27:443 Cloudflare Inc US unknown
2860 chrome.exe 209.197.3.15:443 Highwinds Network Group, Inc. US whitelisted
2860 chrome.exe 216.58.206.10:443 Google Inc. US whitelisted
2860 chrome.exe 172.217.18.106:443 Google Inc. US whitelisted
2860 chrome.exe 104.25.243.116:443 Cloudflare Inc US shared
2860 chrome.exe 216.58.206.3:443 Google Inc. US whitelisted
2860 chrome.exe 104.25.244.116:443 Cloudflare Inc US unknown
2860 chrome.exe 172.217.16.142:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.22.67
whitelisted
www.gstatic.com 216.58.210.3
whitelisted
blasze.tk 104.28.13.103
104.28.12.103
malicious
accounts.google.com 172.217.16.141
shared
ssl.gstatic.com 172.217.22.67
whitelisted
pastebin.com 104.20.208.21
104.20.209.21
shared
www.googletagmanager.com 172.217.18.104
whitelisted
tags.expo9.exponential.com 204.11.109.76
204.11.109.75
204.11.109.78
204.11.109.77
unknown
m.servedby-buysellads.com 108.161.189.78
unknown
cdn.carbonads.com 23.111.10.140
unknown
www.google-analytics.com 216.58.207.78
whitelisted
stats.g.doubleclick.net 108.177.15.157
108.177.15.154
108.177.15.156
108.177.15.155
whitelisted
s.tribalfusion.com 204.11.109.65
204.11.109.68
204.11.110.64
204.11.110.61
204.11.110.62
204.11.110.63
204.11.109.67
204.11.109.66
whitelisted
us-u.openx.net 173.241.240.143
whitelisted
d2na2p72vtqyok.cloudfront.net 52.222.150.179
52.222.150.81
52.222.150.144
52.222.150.161
whitelisted
ads.stickyadstv.com 2.18.234.233
whitelisted
a.tribalfusion.com 204.11.109.66
204.11.109.67
204.11.110.63
204.11.110.62
204.11.110.61
204.11.110.64
204.11.109.68
204.11.109.65
whitelisted
geoip.insticator.com 104.20.24.11
104.20.25.11
unknown
df80k0z3fi8zg.cloudfront.net 52.222.150.30
52.222.150.121
52.222.150.227
52.222.150.172
whitelisted
aa.agkn.com 54.77.164.43
52.49.24.175
34.243.189.217
34.250.48.64
34.243.136.23
54.72.1.54
54.72.61.29
54.72.169.137
whitelisted
dsum-sec.casalemedia.com 95.100.198.4
whitelisted
ib.adnxs.com 37.252.172.39
37.252.172.42
37.252.172.53
37.252.172.70
37.252.172.40
37.252.172.12
37.252.172.27
37.252.172.80
whitelisted
g2.gumgum.com 52.213.9.79
54.76.31.118
34.242.98.223
54.194.74.35
54.229.133.169
52.211.42.236
whitelisted
ssc.33across.com 54.165.192.145
54.198.92.98
3.88.81.239
34.198.189.190
34.234.195.164
54.175.157.152
whitelisted
bid.contextweb.com 74.214.194.133
74.214.194.134
unknown
apex.go.sonobi.com 178.162.133.150
whitelisted
dmx.districtm.io 35.203.66.107
unknown
d.agkn.com 54.93.153.122
18.196.132.175
35.158.212.227
3.120.56.118
3.122.170.13
18.196.131.167
52.57.68.107
18.195.73.96
whitelisted
cacerts.digicert.com 104.18.10.39
104.18.11.39
whitelisted
pixel.advertising.com 52.28.249.38
18.185.82.66
35.157.172.233
52.59.18.200
52.28.225.2
52.58.90.155
18.184.227.16
52.28.223.105
whitelisted
x.ss2.us 52.222.146.114
52.222.146.240
52.222.146.13
52.222.146.27
whitelisted
tags.bluekai.com 23.60.196.160
whitelisted
www.download.windowsupdate.com 13.107.4.50
whitelisted
image6.pubmatic.com 185.64.189.115
whitelisted
dpm.demdex.net 34.255.28.155
52.31.211.225
54.154.86.186
52.49.41.66
52.49.47.75
54.194.73.223
54.72.80.76
63.32.166.115
whitelisted
cm.g.doubleclick.net 216.58.206.2
whitelisted
pixel.rubiconproject.com 213.19.162.80
213.19.162.90
whitelisted
public-prod-dspcookiematching.dmxleo.com 52.29.121.243
52.29.154.145
unknown
beacon.krxd.net 54.228.202.240
54.247.163.81
54.228.249.209
54.228.238.12
54.228.214.7
54.247.93.240
54.247.83.46
54.247.67.84
whitelisted
simage2.pubmatic.com 185.64.189.110
whitelisted
srv.carbonads.net 206.189.18.245
unknown
www.googletagservices.com 64.233.167.157
64.233.167.154
64.233.167.155
64.233.167.156
whitelisted
cdnp1.stackassets.com 52.222.150.141
52.222.150.241
52.222.150.90
52.222.150.139
whitelisted
cdnp0.stackassets.com 52.222.150.90
52.222.150.139
52.222.150.141
52.222.150.241
malicious
cdn4.buysellads.net 94.31.29.32
unknown
adservice.google.no 216.58.207.34
whitelisted
adservice.google.com 216.58.206.2
whitelisted
securepubads.g.doubleclick.net 172.217.16.194
whitelisted
srv.buysellads.com 206.189.18.245
unknown
ad.doubleclick.net 172.217.18.166
whitelisted
bh.contextweb.com 151.101.0.166
151.101.64.166
151.101.128.166
151.101.192.166
unknown
x.bidswitch.net 18.153.11.2
18.153.11.3
18.153.11.4
18.153.11.5
18.153.11.6
18.153.11.7
18.153.11.1
whitelisted
r.254a.com 35.187.125.239
whitelisted
www.google.com 172.217.23.164
whitelisted
grabify.link 104.27.157.221
104.27.156.221
suspicious
v3rmillion.net 104.25.231.27
104.25.230.27
whitelisted
fonts.googleapis.com 216.58.206.10
whitelisted
maxcdn.bootstrapcdn.com 209.197.3.15
whitelisted
s.nitropay.com 104.25.243.116
104.25.244.116
unknown
safebrowsing.googleapis.com 172.217.18.106
whitelisted
fonts.gstatic.com 216.58.206.3
whitelisted
serve.v3rmillion.net 104.25.231.27
104.25.230.27
unknown
tracker.nitropay.com 104.25.244.116
104.25.243.116
unknown
clients1.google.com 172.217.16.142
whitelisted

Threats

PID Process Class Message
2860 chrome.exe Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain

Debug output strings

No debug info.